College Management System V1.0 vulnerabilities
2 known vulnerabilities affecting college_management/college_management_system_v1.0.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2022-39180 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | ≥ All versions, < Upgrade to the latest version. | 2022-11-17
College Management System v1.0 - SQL Injection (SQLi).
By inserting SQL commands to the username and password fields in the login.php page
Source: NVD
CVE-2022-39179 | P3 | HIGH | CVSS 7.2 | CWE-89 | ≥ All versions, < Upgrade to the latest version. | 2022-11-17
College Management System v1.0 - Authenticated remote code execution.
An admin user (the authentication can be bypassed using the SQL Injection that is mentioned in my other report) can upload a .php file that contains malicious code via the student.php file.
Source: NVD